A chronological documentation test project, nothing serious, really!

07 May 2007 Monitoring /var/log/secure for break-in attempts

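# Append a timestamp, then one "<count> attempts by <host>" line per remote host
date >> ssh-intruders.log
grep -i "sshd.*authentication failure" /var/log/secure |
  awk -F'rhost=' 'NF > 1 {print $2}' |   # text after rhost=
  awk '{print $1}' |                     # host only, drops the trailing user= field
  grep ".*\..*\." |                      # keep names/addresses with at least two dots
  grep -v "knownhost.com" | grep -v "knownhost2.com" |
  sort -u |
  while read -r i; do
    counter=$(grep -icF -- "$i" /var/log/secure)   # lines in the log mentioning this host
    echo "$counter attempts by $i"
  done >> ssh-intruders.log
cat ssh-intruders.log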
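
A single-pass variant, as an added example that is not the original post's command: it counts only sshd authentication-failure lines and compares the rhost= value exactly, so one address is not credited with lines belonging to a longer address or with later successful logins. The function names count_failures and sample_log and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: single-pass, exact-match count of sshd auth failures per rhost.
# count_failures and sample_log are hypothetical names used for illustration.

# count_failures LOGFILE [ALLOWED_HOST...]   (LOGFILE may be "-" for stdin)
# Prints "<count> attempts by <host>", highest count first.
count_failures() {
    log=$1; shift
    awk -v allow="$*" '
        BEGIN {
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) skip[a[i]] = 1   # allow-listed hosts
        }
        tolower($0) ~ /sshd.*authentication failure/ {
            for (i = 1; i <= NF; i++)
                if (index($i, "rhost=") == 1) {       # field starts with rhost=
                    host = substr($i, 7)
                    if (host != "" && !(host in skip)) count[host]++
                }
        }
        END { for (h in count) printf "%d attempts by %s\n", count[h], h }
    ' "$log" | LC_ALL=C sort -k1,1nr -k4,4
}

# Constructed sample lines in the pam_unix format written to /var/log/secure.
sample_log() {
    cat <<'EOF'
May  7 03:12:01 host sshd[2101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.5  user=root
May  7 03:12:09 host sshd[2104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.5
May  7 03:13:40 host sshd[2110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.55  user=admin
May  7 03:15:02 host sshd[2120]: Accepted password for alice from 203.0.113.5 port 40022 ssh2
May  7 03:16:11 host sshd[2131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=knownhost.com  user=bob
May  7 03:17:45 host sshd[2140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7  user=root
EOF
}

# Demo on the constructed sample; on a real system pass /var/log/secure instead of "-".
sample_log | count_failures - knownhost.com knownhost2.com
```

A substring count over the same sample would report four lines for 203.0.113.5, because the 203.0.113.55 failure and the accepted login both contain that text.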
